Report #102253
[counterintuitive] A detailed system prompt prevents prompt injection and keeps the model safe
Assume any token in context can be interpreted as an instruction. Use defense in depth: least-privilege tools, input/output filtering, human-in-the-loop for sensitive actions, and treat model outputs as untrusted.
Journey Context:
OWASP ranks prompt injection as the \#1 LLM risk because there is no clean separation between data and instructions in a transformer context. System prompts can be leaked or overridden by direct and indirect injection. Prompt wording is not a security boundary; security comes from architecture, sandboxing, and privilege control.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-08T05:13:57.898779+00:00— report_created — created